Stratfor hackers publish email, password data

Boston (Reuters) – Hackers affiliated with the Anonymous group published hundreds of thousands of email addresses they claimed belong to subscribers of private intelligence analysis firm Strategic Forecasting Inc.

The list, published late on Thursday, includes email addresses appearing to belong to people working for large corporations, the U.S. military and major defense contractors – information that hackers could potentially use to target them with virus-tainted emails in an approach known as “spear phishing.”

The Antisec faction of Anonymous last weekend disclosed that it had hacked into the firm, which is widely known as Stratfor and is also dubbed a “shadow CIA” because it gathers open-source intelligence on international crises.

The hackers had promised to cause “mayhem” by releasing stolen data from the private group.

Stratfor issued a statement confirming that the published email addresses had been stolen from the company’s database, saying it was helping law enforcement probe the matter and conducting its own investigation.

“At Stratfor, we try to foster a culture of scrutiny and analysis, and we want to assure our customers and friends that we will apply the same rigorous standards in carrying out our internal review,” the statement said.

“There are thousands of email addresses here that could be used for very targeted spear phishing attacks that could compromise national security,” said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit group that studies cyber threats.

The Pentagon said it saw no threat so far.

“We are not aware of any compromise to the DOD information grid,” said Lieutenant Colonel Jim Gregory, a spokesman for the Department of Defense, or DOD.

In a posting on the data-sharing website pastebin.com, the hackers said the list included some information from about 75,000 customers of Stratfor and approximately 860,000 people who had registered to use its site. It said that included some 50,000 email addresses belonging to the U.S. government’s .gov and .mil domains.

The list also included addresses at contractors including BAE Systems Plc, Boeing Co, Lockheed Martin Corp and several U.S. government-funded labs that conduct classified research in Oak Ridge, Tennessee; Idaho Falls, Idaho; and Sandia and Los Alamos, New Mexico.